Intel says that a piece of software inside virtually all of its newest computer chips contains a critical security flaw that enables an attacker to manipulate security features, run arbitrary code or crash a system.

The chip maker launched a comprehensive review of its firmware after a private team of Russian security researchers reported in August it had found a way to access a backdoor designed to allow some government customers to disable the Management Engine (ME) master controller inside Intel CPUs.

Intel, in an alert issued Monday, reported that the review had identified 11 significant security issues affecting millions of computers, servers and even Internet of Things (IoT) devices.

“In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience,” the alert states. “As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk.

“Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.”